[Not Really] Doas Scriptablitiy
Hello everyone! I have a script that I am using to mount drives via dmenu, in this script a friend finally helped me to get it so I can enter sudo via dmenu; the issue is I want to use this script on my main machine which uses doas (it runs OpenBSD) I really prefer doas as it is better in my opinion. I am unsure how to be able to enter my password via dmenu for it though. Does anyone know how to do the same thing I do here, but with doas?
Code:
#!/bin/sh Marked as solved, I mean it isn't yet; but people are getting kinda heated so I'll close it... |
I would try a different way, if you are using sudo. If you are careful, you can specify a pattern in your /etc/sudoers file and then precede it with NOPASSWD.
|
Quote:
|
doas can only take strings not patters, so you'd have to ennumerate the options. That can be a problem if there are many.
With sudo you can try a pattern: Code:
%foss ALL=(root:root) /bin/mount /dev/sd[a-f][0-9] /mnt[0-9] |
Funny - I just read up on "doas" as I wasn't familiar with it. The primary reason one writer gives is because it is "runas on steroids" and implies that sudo can't do runas. In point of fact sudo allows runas_alias definitions in its sudoers file so does in fact allow for runas. I've used them here for years.
There isn't anything I've tried to accomplish with sudo that I wasn't able to do. I've used sudo on HP-UX, Solaris and Linux and *BSD and never saw any need for a replacement. From my brief read it appears you can do a lot with doas as well. Saying doas is superior (or sudo is superior) is purely subjective. Such opinions, much like everything else in computing, are often based on how the person giving the opinion originally learned to do things. Years ago all AIX admins claimed it was the best UNIX variant but invariably it was the first (or only) one they'd used. The rest of us who learned other variants (AT&T, SCO, HP-UX, Solaris) first all hated AIX. Me, I liked AT&T then loved SCO and later HP-UX. When I ran across Solaris I disliked it but not quite as much as when I'd first run across AIX. Of course these days I use mostly Linux but the arguments about which distro is best seem to follow the same pattern. |
The doas(1) utility is certainly simpler than sudo(1). That simplicity can be an aid to security. But it can also limit certain activities. As an example, the doas.conf(5) permit|deny rule can be provisioned with command arguments, but the arguments must match exactly, there is no wildcard globbing, there are no regular expressions.
When I script with doas(), I either accept that I will need to authenticate, or I have rules that permit a specific command (and optional, complete argument string) to be used with the nopass option. |
Quote:
|
You might experiment with one of the alternative authentication methods offered by $ doas -a <style>.
|
Quote:
One can indeed restrict sudoers to allow commands to only run with given arguments. I've done it multiple times. One can also use meta-characters such as * to allow more arguments. As I noted before I've done a fair amount of sudoers definitions and have yet to find a task for which it couldn't be configured. Someone who hasn't delved into sudo can't really give much detail about its capabilities much as I can't really give any detail about the capabilities of doas. If someone wants to use doas that is certainly their prerogative but spewing FUD about alternatives doesn't prove anything one way or the other. Notice that at no point did I say anything bad about "doas" - I simply indicated my preference for "sudo" and countered arguments about what it supposedly can't do. |
Here's some actual fact.
Code:
$ man doas.conf | wc |
Quote:
Quote:
|
Your OPINION that the OPINION stated is correct does not make it a FACT.
|
Wow. And all I did was recommend the utility YOU PREFER.
Jeebus. |
Quote:
|
Quote:
https://www.sudo.ws/repos/sudo/file/1.8/src doas(1) is simpler code and a simpler programme. It doesn't have all of the features and functionality of sudo(8). You can return to argue with upper case but it won't change much. It's a fact, proven by simply looking at the code and man pages. As you're not an OpenBSD user and clearly don't understand why doas(1) replaced sudo(8) in the base system, I suspect that all of this is the product of some unfortunate misunderstanding on your part. https://flak.tedunangst.com/post/doas Quote:
Quote:
|
All times are GMT -5. The time now is 04:35 AM. |